I want to blacklist all the external storage devices and only allow a specific brand of device, such as SanDisk. I have blacklisted the external storage devices by using `USBSTOR*` and whitelisted all the SanDisk devices by using `USBSTOR\DISK&VEN_SANDISK*`.

All the external storage devices are blocked successfully, including the 3G/4G USB dongle, which I don't want to be blocked.

In my case, what are the best practices for implementing a device control policy?

IanCool
  • Why only a specific brand? Note that there's nothing preventing the device from lying to you anyways. – Clockwork-Muse Jun 07 '15 at 10:17
  • @Clockwork-Muse: It's a mitigation technique, there are already [proprietary solutions](http://www.wilderssecurity.com/threads/does-the-use-of-virtualbox-create-a-defense-against-loggers.303738/) mainly designed for government and military environments, the question here being to what extent such a measure can be implemented manually without requiring such third-party software... – WhiteWinterWolf Jun 07 '15 at 11:15
  • @WhiteWinterWolf - the thread you linked to was about VM use? I know blocking USB connections can help against malicious storage, but again, why by brand? I could understand specific models (although it'd still be possible to be lied to), and even better if the device itself has a unique id. – Clockwork-Muse Jun 07 '15 at 12:00
  • Can you see your 3G/4G USB dongle in the Device Manager under Other Devices? – Daniel Jun 07 '15 at 10:11
  • @Clockwork-Muse: Sorry, the link was erroneous, wrong copy-paste. [The valid link is this one](http://www.bertin-it.com/en/innovative-products-by-bertin-it/whiten-protection-against-malicious-usb-devices/), the goal being to limit the types of device which can be plugged in (no webcam, no USB keyboard to prevent Bad-USB, no networking device, etc.) and limit to the model actually used and approved by the company policy (no personal USB taken from home, no unknown key offered by a third party, no phone, no camera, etc.) – WhiteWinterWolf Jun 07 '15 at 12:55
  • @WhiteWinterWolf - ... and what happens if they personally own something from SanDisk (which is a decently popular/available brand)? That's what I was getting at, brand alone is too wide (and it looks like he's only blacklisting storage devices, not keyboards, too). – Clockwork-Muse Jun 07 '15 at 14:19
  • @Clockwork-Muse: From a technical point of view, implementing a device control policy in order to define a USB device white list seems a valid *mitigation* technique to me *against some threat*. I do not know OP's actual requirements (I hope for him it is not filtering just for the sake of filtering, it would be like putting a firewall allowing everything). I do not know actual military/government systems either, but I guess they would limit connectivity to military grade self-encrypting USB sticks, which you will most likely not find in the next street-corner grocery shop ;). – WhiteWinterWolf Jun 07 '15 at 14:35
  • I think you might have to use some proprietary solutions like http://www.endpointprotector.com/ – ρss Jun 07 '15 at 15:29

0 Answers